Key responsibilities
• Delivers information security risk assessments of projects, new technologies, external service providers, and IT changes. Guides staff and managers on the appropriate risk mitigation strategies.
• Effectively communicates requirements and trains staff and managers to identify and manage IT risks throughout the project lifecycle.
• Communicates and reports on risk metrics to the various governance committees.
• Conducts quality assurance reviews of security requirements and audit recommendations for the implementation of identified solutions.
• Manages the engagement process of external risk assessment providers and acts as a liaison with internal IT project teams and Risk.
• Supports the Bank’s ISO 27001 certification by promoting self-compliance with policies and standards by IT staff and managers. Keeps abreast of international information security codes of practice such as ISO 27001/27002 and of information security and privacy regulations, and of how these measures could affect information assets owned by, or administered on behalf of, Stanbic IBTC.
• Assists with the development of the Bank’s enterprise security architecture and standards at the business, information, infrastructure, and application level. Provides subject matter expertise on enterprise security architecture and influences selection of tools and technologies to support the bank’s security architecture standards.
• As an advocate of information security, works closely and proactively with IT project team leaders, service providers, and business units to provide security-related technical solutions. Identifies opportunities to improve business practices or IT security-related processes.
• Works closely with Change and Enablement to undertake risk analysis of all business process improvement initiatives within the context of information security.
• Works closely with IT project teams to develop implementation plans for new security-related products and services.
• Coordinates the preparation and presentation of user technical support and training materials to ensure the efficient, effective and secure use of information and communications technology.
• Coordinates and supports the work of security governance.
• Prioritizes, monitors, and assesses compliance and audit recommendation results to ensure they are comprehensive, robust, and of high quality.
• Establishes an on-going Information Risk management programme.
• Establishes an enterprise-wide Information Security risk management function.
• Establishes an Information Security risk assessment process and communicates risks and impacts to Senior Management.
• Prepares timely and appropriate responses to inquiries from regulators and key stakeholders.
Implement:
• Coordinates risk assessment and action plan implementation with Senior Management, Information Technology, Internal Audit, Legal, Risk Management and other personnel.
• Communicates risk management requirements and standards to all employees through training and publications.
• Monitors progress of investigations of security incidents and alerts.